Update Dockerfiles to run OMD as non-root user (#13726)

* Update Dockerfiles to run OMD as non-root user

* Update Dockerfile to use alpine:3 image

* Update Dockerfile to use alpine:3 docker image

* Update Dockerfile to use alpine:3 docker image

docker/development/Dockerfile

@@ -10,7 +10,7 @@
 #  limitations under the License.
 
 # Build stage
-FROM alpine:3.16 AS build
+FROM alpine:3 AS build
 
 COPY openmetadata-dist/target/openmetadata-*.tar.gz /
 
@@ -19,7 +19,7 @@ RUN mkdir -p /opt/openmetadata && \
     rm openmetadata-*.tar.gz
 
 # Final stage
-FROM alpine:3.16
+FROM alpine:3
 
 EXPOSE 8585
 
@@ -30,6 +30,10 @@ COPY docker/openmetadata-start.sh /
 
 RUN chmod 777 openmetadata-start.sh
 
+RUN adduser -D openmetadata
+RUN chown -R openmetadata:openmetadata /opt/openmetadata
+USER openmetadata
+
 WORKDIR /opt/openmetadata
 ENTRYPOINT [ "/bin/bash" ]
-CMD ["/openmetadata-start.sh"]
+CMD ["/openmetadata-start.sh"]

docker/docker-compose-quickstart/Dockerfile

@@ -10,7 +10,7 @@
 #  limitations under the License.
 
 # Build stage
-FROM alpine:3.15 AS build
+FROM alpine:3 AS build
 ARG RI_VERSION="1.2.0"
 ENV RELEASE_URL="https://github.com/open-metadata/OpenMetadata/releases/download/${RI_VERSION}-release/openmetadata-${RI_VERSION}.tar.gz"
 
@@ -20,7 +20,7 @@ RUN mkdir -p /opt/openmetadata && \
     rm openmetadata-*.tar.gz
 
 # Final stage
-FROM alpine:3.15
+FROM alpine:3
 ARG RI_VERSION="1.2.0"
 ARG BUILD_DATE
 ARG COMMIT_ID
@@ -39,6 +39,11 @@ COPY docker/openmetadata-start.sh ./
 COPY --from=build /opt/openmetadata /opt/openmetadata
 RUN apk add --update --no-cache bash openjdk17-jre && \
     chmod 777 openmetadata-start.sh
+
+RUN adduser -D openmetadata
+RUN chown -R openmetadata:openmetadata /opt/openmetadata
+USER openmetadata
+
 WORKDIR /opt/openmetadata
 ENTRYPOINT [ "/bin/bash" ]
 CMD ["/openmetadata-start.sh"]